Skip to main content

Who are you? Proving identity in health and care

By Mike Tattersall. 8 September 2017.

Hello my name is Mike Tattersall but there’s no easy way to prove that in digital health and care services currently. At NHS Digital, and in partnership with NHS England, we are looking at how we can enable patients to securely and conveniently access online health services in a consistent way.

The role of digital identity

NHS Digital and other NHS organisations are trying to transform the way people engage with the NHS, by delivering digital tools and services that help patients to take control of their own health and care.

In doing this, we need to be able to protect everyone’s privacy, making sure that only the right people can access information and we can connect people quickly, safely and accurately to the correct services and records.

Some things are different in health and care

Health and care is a highly complex and diverse environment. This means we have to develop a digital identity strategy that makes adoption simple and inexpensive for the 100’s and potentially 1000’s of services that might need an identity solution.

The risks in health and care services are quite different to the risks for other sectors. For example, someone who has lost money due to fraud can be compensated and their finances restored. However, once personal health information has been leaked, the leak can’t be undone and the information can’t be unknown by the perpetrator.

There has been a lot of work in central government to define standards and principles for identity proofing and authentication, and we are working to translate these to a health and care context.

What we’re doing

To make sure we are doing the right thing we are starting small and working iteratively hand-in-hand with other NHS organisations on the following:

  • Prototyping and research to explore what patients and care workers need

We’re looking at a range of options to achieve our longer-term aim of allowing people to prove their identity once, online, to access a range of services.

This includes looking at how different solutions work with the range of systems and services. We’re doing this by making prototypes and carrying out user research. We’re working with suppliers and services on this.

  • Standards and assurance

We’re working to agree and publish guidance on how health and care services should interpret existing government principles, standards and guidance on identity assurance. This will include technical standards for identity proofing and authentication, and design guidance for services to minimise identity risk. It will also give examples of when a high level of identity assurance is needed and when it is not

  • Re-use and adaptation of local and national services

We are working with local NHS organisations, their live services and users to assess the re-use and adaption of existing identity services. These include GOV.UK Verify, which has been built for central government services and Patient Online which is used to access patient facing services provided by GP Systems Suppliers.

We are doing all this because we know delivering identity solutions is complex. We need to ensure that we build services that are valuable to users, adopted by service providers and accepted by care workers.   

If you think you have a digital health service, with proven demand that would benefit from a consistent approach to identity then please get in touch by email at

Last edited: 11 September 2018 10:12 am